To invalidate the single sign on session, simply invalidate one of the underlying logins. In practical terms, that means using form-based login (which is based on standard sessions) and just invalidating the session.
Due to limitations in HTTP, there is no way for the server to invalidate a BASIC or DIGEST mode login. Craig On Mon, 22 Oct 2001, Kar YEOW wrote: > Date: Mon, 22 Oct 2001 13:39:37 +1000 > From: Kar YEOW <[EMAIL PROTECTED]> > Reply-To: [EMAIL PROTECTED], Kar YEOW <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: How do you invalidate a single sign on session? > > Anyone? TIA. > Kar > >